Connect to your Linux instance with EC2 Instance Connect
Amazon EC2 Instance Connect provides a simple and secure way to connect to your Linux instances with Secure Shell (SSH). With EC2 Instance Connect, you use Amazon Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys. All connection requests using EC2 Instance Connect are logged to Amazon CloudTrail so that you can audit connection requests.
You can use EC2 Instance Connect to connect to your instances using the Amazon EC2 console or an SSH client of your choice.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes an SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your user authorizes your user to push the public key to the instance metadata. The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
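Because each key push is an IAM-authorized API call that is logged to CloudTrail, the audit can be scripted. The following is an added example, not part of the original documentation: it reviews key-push records and flags denied requests and pushes for an unexpected OS user. The record field layout, the review() and key_pushes() helpers, the allowed-user list, and all sample values are assumptions constructed for illustration.

```python
# Added example. Field names are an assumption about how CloudTrail records
# the SendSSHPublicKey call; confirm them against records from your own trail.
SOURCE = "ec2-instance-connect.amazonaws.com"

def _rec(time, arn, ip, instance, os_user, error=None):
    """Build one constructed CloudTrail-style record (sample data only)."""
    rec = {"eventTime": time, "eventSource": SOURCE,
           "eventName": "SendSSHPublicKey",
           "userIdentity": {"arn": arn}, "sourceIPAddress": ip,
           "requestParameters": {"instanceId": instance, "osUser": os_user}}
    if error:
        rec["errorCode"] = error  # present only when the call failed
    return rec

ACCT = "arn:aws:iam::111122223333:user/"  # constructed account and users
SAMPLE = [
    _rec("2024-01-01T10:00:00Z", ACCT + "alice", "192.0.2.10", "i-0123456789EXAMPLE", "ec2-user"),
    _rec("2024-01-01T10:05:00Z", ACCT + "bob", "198.51.100.7", "i-0123456789EXAMPLE", "root"),
    _rec("2024-01-01T10:06:00Z", ACCT + "carol", "203.0.113.5", "i-0123456789EXAMPLE", "ec2-user", "AccessDenied"),
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]

def key_pushes(records):
    """Yield a summary for every SendSSHPublicKey record, ignoring other events."""
    for r in records:
        if r.get("eventSource") != SOURCE or r.get("eventName") != "SendSSHPublicKey":
            continue
        params = r.get("requestParameters") or {}
        yield {"time": r.get("eventTime"),
               "principal": (r.get("userIdentity") or {}).get("arn", "unknown"),
               "source_ip": r.get("sourceIPAddress"),
               "instance": params.get("instanceId"),
               "os_user": params.get("osUser"),
               "denied": r.get("errorCode") is not None}

def review(records, allowed_os_users=("ec2-user",)):
    """Return (reason, push) pairs that an auditor should look at."""
    findings = []
    for push in key_pushes(records):
        if push["denied"]:
            findings.append(("denied", push))  # IAM policy refused the push
        elif push["os_user"] not in allowed_os_users:
            findings.append(("unexpected_os_user", push))
    return findings

if __name__ == "__main__":
    for reason, push in review(SAMPLE):
        print(reason, push["time"], push["principal"], push["instance"], push["os_user"])
```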
You can use EC2 Instance Connect to connect to instances that have public or private IP addresses. For more information, see Connect using EC2 Instance Connect.
For a blog post that discusses how to improve the security of your bastion hosts using EC2 Instance Connect, see Securing your bastion hosts with Amazon EC2 Instance Connect.
Tip
EC2 Instance Connect is one of the options to connect to your Linux instance. For other options, see Connect to your Linux instance. To connect to a Windows instance, see Connect to your Windows instance.